Threats

Cryptocurrency explained

Cryptocurrencies such as Bitcoin are virtual currencies, which means they exist only online and there are no physical notes and coins. 

There are currently more than 1,000 cryptocurrencies; the most common being Bitcoin, Monero and Ethereum.

Technology known as ‘blockchain’ acts as a digital register (a ledger) that records every transaction relating to a virtual currency. If you buy or sell cryptocurrency, or even use it to buy a coffee at a trendy ‘we accept bitcoin’ café, the transaction will be recorded in this digital register.

These transactions are then verified by ‘cryptomining’, which is legitimate and a critical part of how cryptocurrencies work.

Cryptomining uses the processing power of computers to solve computationally expensive puzzles that bundle recent transactions into a new entry in the register. The miners, who act somewhat like auditors, are then rewarded with a small amount of cryptocurrency.

This step protects the integrity of the currency: because every new transaction is checked against the register, no one can spend the same money twice. The miners keep cryptocurrency users honest!
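How mining and the double-spend check fit together, as an added example that is not part of the original page: a toy proof-of-work ledger in Python. The difficulty, the mining reward and the sample transactions are assumptions chosen for illustration; a real cryptocurrency also signs transactions and distributes the register across a network, which this toy omits.

```python
import copy
import hashlib
import json

# Added example (not from the original page): a toy ledger that shows what
# mining does mechanically. Real Bitcoin uses a far harder target, a peer-to-peer
# network and signed transactions; the shape of the work is the same.

DIFFICULTY = 3   # required leading hex zeros in a block hash (small so it runs fast)
REWARD = 10      # coins created for the miner of each block (a constructed figure)

def block_hash(index, prev_hash, transactions, nonce):
    """Hash the block contents; changing any field changes the hash."""
    payload = json.dumps(
        {"i": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()

def mine_block(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Brute-force a nonce whose hash meets the target: the 'complex mathematical
    problem' of the text. The only way to find one is to keep trying."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, transactions, nonce)
        if h.startswith("0" * difficulty):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": h}
        nonce += 1

def balances(chain):
    """Replay every recorded transaction to derive who owns what."""
    bal = {}
    for blk in chain:
        for tx in blk["tx"]:
            if tx["from"] != "COINBASE":      # COINBASE = newly created reward coins
                bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return bal

def valid_transactions(chain, txs):
    """The double-spend check: each transaction must be covered by the sender's
    balance as it stands after the earlier transactions in the same batch."""
    bal = balances(chain)
    for tx in txs:
        if tx["from"] == "COINBASE":
            continue
        if bal.get(tx["from"], 0) < tx["amount"]:
            return False
        bal[tx["from"]] -= tx["amount"]
        bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return True

def verify_chain(chain, difficulty=DIFFICULTY):
    """Anyone can audit the register: every hash must match its contents, meet
    the target, and point at the previous block's hash."""
    for i, blk in enumerate(chain):
        expected = block_hash(blk["index"], blk["prev"], blk["tx"], blk["nonce"])
        if blk["hash"] != expected or not expected.startswith("0" * difficulty):
            return False
        if i > 0 and blk["prev"] != chain[i - 1]["hash"]:
            return False
    return True

def build_demo_chain():
    """Constructed sample: a mining reward, then a payment for a coffee."""
    reward = {"from": "COINBASE", "to": "miner", "amount": REWARD}
    chain = [mine_block(0, "0" * 64, [reward])]
    coffee = {"from": "miner", "to": "cafe", "amount": 4}
    if not valid_transactions(chain, [coffee]):
        raise ValueError("rejected transaction")
    chain.append(mine_block(1, chain[-1]["hash"], [coffee]))
    return chain

def tampered_copy(chain):
    """Rewrite history (give the miner 100 coins) without re-mining: verify_chain
    catches it because the stored hash no longer matches the contents."""
    bad = copy.deepcopy(chain)
    bad[0]["tx"][0]["amount"] = 100
    return bad

if __name__ == "__main__":
    demo = build_demo_chain()
    print("valid:", verify_chain(demo), "balances:", balances(demo))
    print("tampered valid:", verify_chain(tampered_copy(demo)))
```

Run it and the tampered copy fails verification: changing a recorded amount changes the block's hash, so the register no longer matches its own proof of work, and a second attempt to spend the same coins is rejected because the replayed balance does not cover it. That is what lets miners keep users honest without a central bank.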

Bear in mind however that, unlike traditional currencies, cryptocurrencies don’t belong to a central bank, meaning they have no government backing. They are international currencies and can be used to send money around the world without any identity checks, making them a popular choice for cybercriminals involved in malicious or criminal activity.

Cryptomining malware

To earn more, cybercriminals use cryptomining malware to hack into people’s computers and use their processing power, usually without the owner knowing. This is when cryptomining becomes illegal: the mining itself is the same, but it is running on hardware and electricity the criminal has no right to use.

The malware can slow computers down dramatically and stop them working normally.

Does my computer have cryptomining malware?

Surges in cryptocurrency prices mean cybercriminals are increasingly targeting different platforms, including Android, smart devices and Windows, in an effort to earn more.

If your device is infected, it will be slower, may run hot or drain its battery quickly, and will struggle to perform normal tasks because the malware is using its processing power.

How can my computer become infected?

Cryptomining malware infects computers and networks in the same ways as other types of malware, for example:

  • attached to an email
  • hiding on genuine or fake websites
  • pretending to be an application on a peer-to-peer network.

In early 2018, cryptomining scripts were distributed through Google’s online advertising network, using the processing power of people who viewed those ads on YouTube. 

Protect yourself from cryptomining malware

Follow these steps to reduce your risk of being affected by cryptomining and other malware:

  • Use anti-virus software and automatically download updates. 
  • Use a reputable browser add-on that blocks malicious scripts and websites, including known cryptomining scripts. Browser add-ons extend what your browser can do, so install only well-known ones from your browser’s official add-on store.
  • Keep software such as your operating system and applications up-to-date. 
  • Use strong passwords.
  • Never click on links in emails or messages you aren’t expecting, even if it looks like it comes from a government agency, well-known organisation, or a friend.
  • Disable Microsoft Office macros. Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously. Visit the Microsoft website for information on disabling macros in your version of Office.
  • Browse the web safely.

Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more. Sometimes personal information is released to unauthorised people by accident, or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches, or data spills.

The Notifiable Data Breaches scheme

In Greece, the Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach and this has put you at risk of serious harm. This could include serious physical, psychological, emotional, financial, or reputational harm. When an organisation notifies you about a data breach, they must also provide recommendations for how you can protect yourself.

Prepare for the possibility of a breach
  • Minimise the amount of personal information you share with an organisation. Only tell organisations the information they need to provide the service, rather than everything they ask for. For example, be careful about how much you give away in the security questions used for password recovery on websites: a site might ask for your mother’s maiden name, but you can enter something else as long as you will remember it.
  • Look for organisations that have a commitment to cyber security. Think twice about using businesses with a poor security reputation; take your business elsewhere if their cyber security is inadequate.
Minimise the impact of a breach
  • Avoid re-using passwords, so that if one of your service providers loses your password, it doesn’t compromise your access to other services. If you did use a compromised password in other places, reset the other service’s password immediately.
  • Back up important information. A data breach may not just result in a loss of personal information; it could also result in a loss of access to some information held by the affected organisation.
  • Use multi-factor authentication for critical services, such as your online tax return, or even email.
Understand the breach
  • Know how you are affected. If you are informed of a breach, or read about one in the media, make sure you understand what data may be affected. Visit the website of the affected organisation and look for any official communications. The personal impact to you will vary depending on what has been breached.
  • Validate communications from an organisation. Scammers might try to take advantage of you during the confusion of a data breach. For example, if you receive an email notifying you of a security breach, and asking you to reset your password, use the legitimate password reset process, rather than a link in the email.
  • Review access logs. Some online services, like webmail, allow you to view what devices, logins or transactions have recently accessed your account. If you think your account has been compromised, check whether you can view these logs.

What is a distributed denial of service attack?

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic.

DDoS usually uses a network of compromised systems to flood sites with connection requests, causing the website or server to slow down or crash entirely.

You should consider the business, financial and social impact of a DDoS attack on your online services. If a service is critical to your organisation, consider how to protect it against an attack.

It is generally not practical for most organisations to host infrastructure in-house that can absorb large-scale DDoS attacks, so using a service such as a Content Delivery Network (CDN) or a DDoS mitigation provider is the usual answer. These sit between an ‘origin server’—a server you manage that provides your content—and the users of your online service on the internet. Any traffic directed at your online service has to go through the CDN or DDoS mitigation provider first, allowing attack traffic to be dealt with before it hits your infrastructure.

How do I recover from a DDoS attack?
  • Never respond to extortion emails, even to refuse payment.
  • Contact your internet service provider, CDN or DDoS provider to get assistance.
  • Initiate your incident response plan.
How do I prevent DDoS attacks?

You cannot stop attackers from sending traffic, but a few simple steps reduce how much of it reaches you and how much harm it does:

  • Regularly apply IT security patches to your website.
  • Use a CDN or DDoS mitigation provider to front your online services.
  • Be careful not to allow details about the address of your ‘origin servers’ to leak onto the internet, so that attackers cannot attempt to access it directly, bypassing the CDN or DDoS mitigation provider.
  • Protect your ‘origin servers’ from direct access by implementing network filtering that limits access to traffic coming through your CDN or DDoS mitigation provider.
  • Harden DNS servers against DDoS attacks.
  • Consider mirroring part or all of your DNS infrastructure with DDoS resilient DNS providers.
  • Run online services on different infrastructure to your critical business systems where practical.
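One way to implement the origin protection described in the list above, as an added example rather than anything from the original page. It assumes a hypothetical set of CDN edge ranges (the addresses below are documentation ranges, not any provider’s real ranges) and a single admin range; the same decision is also rendered as an nftables ruleset so the allowlist can be applied on the origin host itself.

```python
import ipaddress

# Added example (not from the original page). The CDN ranges below are
# constructed placeholders: in practice, load your provider's published list
# of edge IP ranges and refresh it regularly, because the ranges change.
CDN_EDGE_RANGES = ["203.0.113.0/24", "198.51.100.0/25", "2001:db8:cd::/48"]

# Management access that may still reach the origin directly (constructed).
ADMIN_RANGES = ["192.0.2.10/32"]

def build_allowlist(cidrs):
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def origin_allows(src_ip, dst_port, edge=None, admin=None):
    """Decide whether the origin should accept a new connection.
    Web ports (80/443) are only accepted from the CDN's edge ranges; the SSH
    port only from the admin range; everything else is dropped. A request that
    arrives on 443 from an address outside the CDN is, by definition, someone
    who has found the origin and is bypassing the mitigation layer."""
    edge = build_allowlist(CDN_EDGE_RANGES) if edge is None else edge
    admin = build_allowlist(ADMIN_RANGES) if admin is None else admin
    ip = ipaddress.ip_address(src_ip)
    if dst_port in (80, 443):
        return any(ip in net for net in edge)
    if dst_port == 22:
        return any(ip in net for net in admin)
    return False

def nftables_rules(edge_cidrs=CDN_EDGE_RANGES, admin_cidrs=ADMIN_RANGES):
    """Render the same policy as an nftables ruleset (text you would load with
    `nft -f`), so the decision logic and the firewall config stay in sync."""
    v4 = [c for c in edge_cidrs if ":" not in c]
    v6 = [c for c in edge_cidrs if ":" in c]
    lines = ["table inet origin_filter {"]
    if v4:
        lines.append("  set cdn_v4 { type ipv4_addr; flags interval; elements = { %s } }"
                     % ", ".join(v4))
    if v6:
        lines.append("  set cdn_v6 { type ipv6_addr; flags interval; elements = { %s } }"
                     % ", ".join(v6))
    lines += [
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        '    iifname "lo" accept',
    ]
    if v4:
        lines.append("    ip saddr @cdn_v4 tcp dport { 80, 443 } accept")
    if v6:
        lines.append("    ip6 saddr @cdn_v6 tcp dport { 80, 443 } accept")
    for c in admin_cidrs:
        family = "ip6" if ":" in c else "ip"
        lines.append("    %s saddr %s tcp dport 22 accept" % (family, c))
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 443), ("8.8.8.8", 443), ("192.0.2.10", 22)]:
        print(ip, port, "accept" if origin_allows(ip, port) else "drop")
    print(nftables_rules())
```

Load the rendered ruleset on the origin and refresh the CDN ranges from your provider’s published list on a schedule; a stale allowlist will drop legitimate edge traffic when the provider adds addresses. Filtering only helps if the attacker has to guess where the origin is, so also keep its real address out of DNS records, e-mail headers, TLS certificates and error pages.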

Hacking refers to unauthorised access of a system or network, often to exploit a system’s data or manipulate its normal behaviour.

Now a common part of our vocabulary, we read about hacking daily as data spills and breaches make headlines, and major organisations warn their customers to check their bank statements carefully.

While it’s often a catch-all term applied to anything that compromises or negatively affects our computers, ‘hacking’ represents a particular kind of threat to your network and accounts.

How it works

Like a burglar looking for a way into a house, hackers look for a way into a network. Using software they have written themselves or bought as a ready-to-use kit online, they probe for weaknesses. Often obtaining a password is the first step in breaking a network’s security.

Once in, a hacker can modify how a network works, steal data, obtain passwords, get credit card information, watch what you are doing or install malicious software (malware) to further the attack.

While hacking is often highly targeted, some threats such as ransomware or malware delivered by phishing spread widely through links and attachments. Malware can compromise your system or accounts without anyone specifically targeting you.

How to protect yourself from hacking
  • Install anti-virus software on all devices and set it to automatically apply updates and conduct regular scans.
  • Always install updates for applications and operating systems when they are available. The longer you delay, the longer you are vulnerable to hackers or malware.
  • Use a unique, strong passphrase for each account (never reuse one across accounts) and turn on two-factor authentication wherever it is offered.
  • Always back up your data so that if your system is compromised, you won’t necessarily lose everything. Make sure the backup hard drive is not left connected to your system after you’ve finished.
  • Always practice safe online browsing behaviour and be on the lookout for suspicious links or email attachments.

Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits. They can create fake identity documents in your name, get loans and benefits or apply for real identity documents in your name, but with another person’s photograph.

The financial and emotional consequences can be devastating for victims. Once your identity has been stolen it can be difficult to recover and you may have problems for years to come.

What type of information do cybercriminals steal?

A cybercriminal may look to steal a range of personal information including:

  • Name
  • Date of birth
  • Driver’s licence number
  • Address
  • Mother’s maiden name
  • Place of birth
  • Credit card details
  • Tax file number
  • Medicare card details
  • Passport information
  • Personal Identification Number (PIN)
  • Online account username and login details
How do you know if your identity has been stolen?

Look out for these common warning signs:

  • Your bank statements show purchases or withdrawals you have not made.
  • You stop receiving mail you may be expecting (e.g. electricity bills) or receive no mail.
  • You receive bills or receipts for things you haven’t purchased or statements for loans or credit cards you haven’t applied for.
  • A government agency may inform you that you are receiving a government benefit that you never applied for.
  • You have been refused credit because of a poor credit history due to debts you have not incurred.
  • You may be contacted by debt collectors.
How to protect yourself and your family

Cybercriminals can learn a lot about you from your social media accounts. Here are some tips to protect yourself and your family:

  • Limit what you share online. Reconsider sharing information on social media like your birthday, photos of a new house that include your address, or photos that identify your children’s school, or details of schools you attended. These details are often used for security questions on financial and other important accounts.
  • Set your social media privacy settings to ‘private’. Ensure you’re only sharing your photos and posts with people you know and trust.
  • Don’t accept ‘friend’ requests from strangers.
  • Cybercriminals try to trick you into giving away your personal information. They often impersonate well-known organisations to ask you to confirm your personal details via messages or websites. Because of this, many companies now state they will not ask you to update or confirm your details, like passwords, PINs, credit card information or account details via links in messages.
  • If there really is a need to update your details, you should do so by typing the organisation’s official website address manually into your internet browser and not use links from messages.
  • Think twice before entering your personal details into a website you’re not familiar with. See our advice about shopping online safely and browsing the web safely for questions to ask to help determine if a website is genuine.
Cybercriminals crack weak passwords – there’s even software that guesses billions of passwords per second!

Use strong, unique passwords (passphrases) for each online account. 

Cybercriminals use bugs in software to gain access to devices.

Keep your devices updated with the latest software, including antivirus software. Installing software updates will give you the latest security. You can even set updates to install automatically.

Other tips for protecting your online identity:

  • Don’t use Wi-Fi hotspots when you are doing something personal or sensitive on the internet as the Wi-Fi may not be secure. Learn more about using public Wi-Fi networks safely.
  • Regularly check your account statements including credit cards, bank statements, telephone and internet bills for possible fraudulent activity.
  • Check your credit report at least once a year to help you catch any unauthorised activity.
  • Always lock your mailbox and shred any sensitive documentation you no longer need.
  • Be wary of phone calls that ask for your personal information.
  • Be wary of people trying to view your PIN while you are using ATMs and making other purchases.
What to do if you think your identity has been stolen

If you suspect any fraudulent use of your identity, there are some steps you should take:

  • Immediately report it to your bank, local police, social media account’s website or other online account that you may be concerned has been hacked into (these sites usually have a ‘Help’ section where you can report fraudulent activity to and seek help).
  • Lodge a report with Greece’s Cyber Incident Response Team.
  • Change the passwords on your accounts and close any unauthorised accounts.
  • Request a credit report from a reputable credit reference bureau. A credit reporting body must give you access to your consumer credit report for free, once every 12 months.

Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.

There are many reasons an insider can be or become malicious including revenge, coercion, ideology, ego or seeking financial gain through intellectual property theft or espionage. They could:

  • impact external sites, creating public damage to your brand
  • prevent your systems from functioning properly
  • steal or sell business trade secrets or intellectual property (IP)
  • install malware for their own purposes.

Cyber adversaries can use employees whose trust they have gained to access your business systems and accounts. Employees could provide information to a malicious insider unknowingly, or mention sensitive details in trust.

How do I recover from a malicious insider threat?

Report illegal activity to the police.

Recovering from a malicious insider depends on the damage they have done. If they have damaged your website, installed malware or otherwise stopped your systems from functioning properly, you can put in place technical solutions to those problems.

However, if they have stolen data, there is very little you can do to recover. If you have unique logins and auditing on your systems (more information below), you or the police might be able to identify who the malicious insider is. However, this will not recover the stolen data. That is why prevention is key.

How do I prevent a malicious insider threat?

How to protect against malicious insiders will depend on your organisation, systems, culture and business processes, and how well this is communicated and understood by staff.

A malicious insider’s system access and knowledge of your business processes (particularly its checks and balances) can make them hard to detect. But there are practices you can put in place to reduce the risk of a malicious insider in your organisation.

Technical controls - Control removable storage

One of the easiest ways for a malicious insider to steal data is simply to plug in a removable storage device, like a USB stick. If possible, control who is allowed to connect removable media to your network, and what devices can be connected.

You could also block your network from connecting to unapproved smartphones, tablets and Bluetooth/Wi-Fi/3G/4G devices.

Control outbound emails and files

Another way for a malicious insider to steal data is to email it to themselves, either from their work email address or through personal webmail. They could also upload files to cloud-based storage services. To prevent this:

  • implement a system to block and log outgoing emails with sensitive keywords or data patterns
  • block the use of unapproved cloud computing services, including personal webmail.
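What ‘block and log outgoing emails with sensitive keywords or data patterns’ can look like in practice, as an added example that is not part of the original page or of any product. The keywords, domain lists, number patterns and sample addresses are constructed assumptions.

```python
import logging
import re
from dataclasses import dataclass, field

# Added example, not from the original page: a minimal outbound-mail policy
# check of the kind a mail gateway or DLP product applies. Keywords, domains,
# patterns and the sample messages below are constructed for illustration.

SENSITIVE_KEYWORDS = ("commercial-in-confidence", "customer list", "source code")
OUR_DOMAIN = "example.com"
APPROVED_EXTERNAL_DOMAINS = {"partner.example.net"}      # may receive sensitive data
PERSONAL_WEBMAIL_AND_CLOUD = {"gmail.com", "outlook.com", "yahoo.com", "dropbox.com"}

PATTERNS = {
    # 13-16 digits with optional spaces/hyphens; confirmed with a Luhn check below
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
    # 9 digits in 3-3-3 groups (the shape of a tax file number)
    "tax_file_number": re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b"),
}

log = logging.getLogger("outbound-dlp")

def luhn_ok(digits):
    """Luhn checksum: cuts false positives from order numbers and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

@dataclass
class Verdict:
    action: str                       # "allow" or "block"
    reasons: list = field(default_factory=list)

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def check_outbound(sender, recipients, subject, body):
    """Block and log a message when (a) any recipient is a personal webmail or
    consumer cloud address, or (b) it carries sensitive content and any
    recipient is outside the organisation and not an approved partner.
    Sensitive content sent internally is recorded in the reasons but allowed."""
    reasons = []
    text = subject + "\n" + body
    lowered = text.lower()
    for kw in SENSITIVE_KEYWORDS:
        if kw in lowered:
            reasons.append("keyword:" + kw)
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if name == "credit_card" and not luhn_ok(digits):
                continue
            reasons.append("pattern:" + name)
            break
    sensitive = bool(reasons)
    block = False
    for rcpt in recipients:
        dom = domain_of(rcpt)
        if dom in PERSONAL_WEBMAIL_AND_CLOUD:
            reasons.append("recipient:" + dom)
            block = True
        elif sensitive and dom != OUR_DOMAIN and dom not in APPROVED_EXTERNAL_DOMAINS:
            reasons.append("external:" + dom)
            block = True
    verdict = Verdict("block" if block else "allow", reasons)
    if block:
        log.warning("blocked mail from %s to %s: %s", sender, recipients, reasons)
    return verdict

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample messages
    samples = [
        ("alice@example.com", ["bob@example.com"], "Q3 plan", "see customer list attached"),
        ("alice@example.com", ["alice.home@gmail.com"], "backup", "nothing special"),
        ("alice@example.com", ["x@other.example.org"], "card", "Card on file: 4111 1111 1111 1111"),
    ]
    for msg in samples:
        print(msg[2], "->", check_outbound(*msg))
```

The Luhn check keeps 16-digit order numbers from tripping the credit-card rule; tune the approved and blocked domain lists to your organisation and expect to review false positives. A determined insider can still photograph a screen or type from memory, so this control removes the easy paths rather than closing every one, which is why the page pairs it with logging and a culture where staff know logs are reviewed.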

Backups

Malicious insiders may set out to ruin your business by destroying your information systems. Keeping regular backups, which are only accessible to trusted staff, will reduce this risk.

Require strong passwords and multi-factor authentication

Requiring strong passwords and using multi-factor authentication means that even if a malicious insider gets hold of a colleague’s user ID and password, it is difficult for them to get into that account to perform malicious actions.

Access controls - Restrict access

If your business is dependent on critical intellectual property, or other highly sensitive and vulnerable information, you should restrict staff access to only what they need to do their job.

If that is impractical and wider access is provided, ensure transactions are logged, monitored and audited, and that staff are aware this is an ongoing practice. If possible, consider having a separate team to review audit logs.

Tracking the assignment and use of privileged accounts will help control who can do what on the network and restrict unauthorised activities.

Use unique logons

Staff should have unique logons to systems. Don’t let staff share a logon unless there is no other practical alternative. If staff must share a logon, try to devise a way to control this arrangement.

Deactivate access

When an employee finishes with your organisation, or their role changes, make sure their associated network and system access is deactivated at the same time.

Any shared passwords the person knows should also be changed. For example:

  • shared office WiFi password
  • alarm code
  • bank account passwords
  • remote access details
  • shared email accounts
  • administrative or privileged user accounts.

To help in this process, keep a checklist of all systems a staff member potentially has access to so that the access removals and password changes can be systematically checked and actioned as necessary. Provided the list is updated as new systems are added, the task of keeping it up to date should not be too onerous.

Auditing and logging

Many business information systems will log, monitor and audit staff network activities. You should investigate what logging capabilities your system has, especially for high-risk systems, such as ones that authorise payments.

Without unique logons, auditing loses much of its value, because you cannot identify who performed a transaction.

Similarly, when looking to buy new software or cloud services, you should check that appropriate technical controls are included for critical transactions.

To be effective, you need to make sure audit logs are regularly reviewed and that unusual activity is followed up. Make sure your staff know about your auditing and review process, so they are deterred from considering unauthorised activities.
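An added example of the review step, not from the original page: a small script that reads a constructed payment-system audit log and flags the kinds of unusual activity this section describes, namely actions by an account after its owner’s departure date, one person creating and approving the same payment, approvals out of hours, and one account appearing from many addresses (which is what a shared logon looks like in the logs). The log format, the staff directory, the field names and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import date, datetime

# Added example (not from the original page). The audit log below is constructed
# in a simple key=value format; the staff directory, field names and thresholds
# are assumptions you would replace with your own systems' values.

STAFF = {
    "jsmith":  {"left": None},
    "tnguyen": {"left": date(2024, 2, 28)},   # finished 28 Feb; access should be gone
    "finance": {"left": None},                # a shared logon, discouraged above
}

SAMPLE_LOG = """\
2024-03-04T09:12:33 user=jsmith action=payment.create payment=P-1001 amount=12000 src=10.0.0.5
2024-03-04T09:15:02 user=jsmith action=payment.approve payment=P-1001 amount=12000 src=10.0.0.5
2024-03-04T10:01:44 user=finance action=payment.approve payment=P-1002 amount=800 src=10.0.0.21
2024-03-04T10:03:10 user=finance action=payment.approve payment=P-1003 amount=950 src=10.0.0.34
2024-03-04T10:05:51 user=finance action=payment.approve payment=P-1004 amount=300 src=10.0.0.58
2024-03-05T02:40:09 user=tnguyen action=export.customers rows=48000 src=203.0.113.9
2024-03-05T22:30:00 user=jsmith action=payment.approve payment=P-1005 amount=4500 src=10.0.0.5
"""

def parse(line):
    """'<timestamp> key=value key=value ...' -> dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    rec = dict(kv.split("=", 1) for kv in rest.split())
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def review(log_text, staff=STAFF, business_hours=(8, 18), shared_ip_threshold=3):
    """Return findings for these insider-risk signals:
    - activity by an account whose owner has left (access not deactivated)
    - activity by an account not in the staff directory
    - the same person creating and approving a payment (no second pair of eyes)
    - payment approvals outside business hours
    - one account used from many source addresses (sign of a shared logon)"""
    findings = []
    created_by = {}
    sources = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        user, ts, action = r["user"], r["ts"], r["action"]
        sources[user].add(r["src"])
        if user not in staff:
            findings.append({"rule": "unknown-account", "user": user, "ts": ts})
        elif staff[user]["left"] and ts.date() > staff[user]["left"]:
            findings.append({"rule": "access-not-deactivated", "user": user,
                             "ts": ts, "action": action})
        if action == "payment.create":
            created_by[r["payment"]] = user
        elif action == "payment.approve":
            if created_by.get(r["payment"]) == user:
                findings.append({"rule": "segregation-of-duties", "user": user,
                                 "ts": ts, "payment": r["payment"]})
            if not business_hours[0] <= ts.hour < business_hours[1]:
                findings.append({"rule": "out-of-hours-approval", "user": user,
                                 "ts": ts, "payment": r["payment"]})
    for user, ips in sources.items():
        if len(ips) >= shared_ip_threshold:
            findings.append({"rule": "possible-shared-logon", "user": user,
                             "sources": sorted(ips)})
    return findings

def rule_counts(findings):
    counts = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f)
```

Notice that the shared ‘finance’ logon produces a finding but no name: the log cannot say which of the people who know that password approved P-1002, which is the point made above about unique logons. The departed user’s export is caught only because the staff directory is fed into the review, so keeping the leavers checklist current is what makes this rule work.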

Focus on your culture

The culture of your organisation and overall contentment of your staff is important in mitigating the insider threat. The more integrity and transparency you have in your work environment, the harder it is to act dishonestly. Additionally, happy, valued and challenged staff members are less likely to act to harm your organisation.

Collaboration can also help discourage malicious insiders, by discouraging a culture of lone operators and reducing the incentives and opportunities for staff to work against your organisation.

An active approach to staff welfare will help you support your staff, and provide early warning signs of changes in their circumstances which might put them, and your organisation, at risk.

Business processes - Personnel security

For all employees, irrespective of their system access, pre-employment and background checks are a good first step.

Be clear with new starters on how you can and will verify pre-employment information and conduct background checks. You should also include a dispute process to identify incorrect information from these checks.

Identity should be established using a recognised form of identification, such as an Australian state or territory driver’s licence or Australian passport.

Police records checks are obtainable through State and Territory police forces.

You can check referees and previous places of employment.

In addition, there are firms that specialise in doing background checks on individuals.

You could also consider ongoing, periodic checks to ensure that your employees’ situations haven’t changed.

Intro

Malware (short for ‘malicious software’) is software that cybercriminals use to harm your computer system or network. Cybercriminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.

Malware is the term used to refer to any type of code or program that is used for a malicious purpose.

Cybercriminals use malware for many different reasons but common types of malware are used for stealing your confidential information, holding your computer to ransom or installing other programs without your knowledge.

Protect yourself from malware

Take the following steps to significantly reduce your risk of being affected by malware:

  • Use anti-virus software and automatically download signature updates daily. Learn about anti-virus software.
  • Keep all your other software up to date too. Learn about updating software.
  • Use strong passwords and passphrases. Learn how to create – and remember – strong passwords.
  • Back up your files regularly – ideally every day. Learn about how to back up files.
  • Disable Microsoft Office macros. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office.)
  • Use safe behaviour online. Learn about how to use email safely and browse the web safely.
  • Stay informed on the latest threats – sign up for the ACSC’s Alert Service.
  • Regularly check the software installed on your computer, tablet and other devices and uninstall any programs that are unused. If you see new programs that you did not agree to install, search for the program name or ask your local computer repairer or retailer whether it is safe to use.
Prevent malware by installing applications safely

Malware is distributed in several ways:

  • by spam email or messages (either as a link or an attachment)
  • by malicious websites that attempt to install the malware when you visit, by exploiting weaknesses in your software
  • by masquerading as a good application that you download and install yourself. Some malware even pretends to be anti-virus or security products.

To reduce the risk:

  • Don’t download applications from third-party download sites.
  • Don’t click on online ads to download applications, and do use ad-blocking software.
  • Don’t download and install applications from peer-to-peer networks – you never know who has changed the files.
  • Don’t click on links in emails or instant messages, or open attachments, unless you are sure they are legitimate. Use a spam filter to protect yourself from malicious messages.
  • Don’t install applications received from contacts, say via email or USB sticks, without scanning them with your anti-virus application first.
Learn more about malware

There are many different types of malware but most are used to either steal your information, your computer’s resources or your money. This table lists some of the most common types of malware affecting people and businesses in the wild today.

Trojans and backdoors

Traditionally, trojans were programs that appear to serve a useful purpose but do something malicious when run. Trojans may steal information, download additional malicious files or provide a ‘backdoor’ into your computer for an attacker, allowing them to do almost anything they like.

Ransomware

Malware that makes your computer or files unusable until you pay a fee: essentially extortion by malware.

Keyloggers

Log every keystroke you make and then send that information, including passwords, bank account numbers and credit card numbers, to scammers for fraudulent use.

Viruses and worms

Viruses are malicious programs that infect files, inserting themselves into the file’s code and running whenever the file is used. Worms are standalone malicious programs that spread themselves from computer to computer. Like trojans, viruses and worms can carry many different payloads: they can steal your information, download and install other malicious files, delete your files or send spam.

The following signs may indicate there is malware on your computer:

  • your web browser starts on a different homepage than normal
  • your files are inaccessible
  • random error messages appear, or
  • new programs, toolbars and icons have been installed.

To check if your computer is infected run a full scan using your anti-virus software and follow the instructions to remove it. 

What is phishing?

Phishing is a way that cybercriminals steal confidential information such as online banking logins, credit card details, business login credentials, passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’).

These deceptive messages often pretend to be from a large organisation you trust, to make the scam more believable. They can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.

Watch our video to find out what a phishing message looks like and how they work.

How to protect yourself from phishing

Phishing emails have been used by cybercriminals to steal financial details from Greeks for a number of years (phishing emails were first observed in Greece in 2003) but have become increasingly sophisticated since then.

Business brands that are commonly copied include: state and territory police or law enforcement (fake fine scams), utilities such as power and gas (fake bills and overdue fines), postal services (parcel pick-up scams), banks (fake requests to update your information), telecommunication services (fake bills, fines or requests to confirm your details), and government departments and service providers such as the Australian Taxation Office, Centrelink, Medicare and myGov.

It used to be easy to recognise and ignore a phishing email because it was badly written or contained spelling errors, but current phishing messages appear more genuine. It can be very difficult to distinguish these malicious messages from genuine communications.

Because of phishing, it is now standard policy for many companies that they will not call, email or SMS you to:

  • ask for your user name, PIN, password or secret/security questions and answers
  • ask you to enter information on a web page that isn’t part of their main public website
  • ask you to confirm personal information such as credit card details or account information
  • request payment on the spot (e.g. for an undeliverable mail item or overdue fee).

Many companies also have security pages that identify active scams using their branding. These pages often include examples and pictures of scam messages to help you tell fake messages from real ones.

Tip: If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.

Spear phishing

More dangerous still are a class of phishing messages known as ‘spear phishing’. These messages target specific people and organisations, and may contain information that is true to make them appear more authentic.

These messages can be extremely difficult to detect, even for trained professionals, as they catch people with their guard down.

For example, you might get a message that appears to be from your own company’s IT help desk asking you to click on a link and change your password because of a new policy. 

Spear phishing often uses a technique called ‘social engineering’ for its success. Social engineering is a way to manipulate people into taking an action by creating very realistic ‘bait’ or messages.

Criminals are getting better at social engineering and putting more time, effort and money towards researching targets to learn names, titles, responsibilities, and any personal information they can find.

Social media accounts provide rich information about events, conferences and travel destinations that can be used to make an approach seem real and accurate. So consider what personal information you share online and learn how to use social media safely.

Protect yourself from phishing attempts

The best way to protect yourself from phishing attempts is to stay abreast of current threats, be cautious online and take steps to block malicious or unwanted messages from reaching you in the first place.

Take the following steps to protect yourself from phishing attempts:

  • Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
  • Be especially cautious if messages are very enticing or appealing (they seem too good to be true) or threaten you to make you take a suggested action.
  • Before you click a link (in an email, on social media, in an instant message, on a webpage or anywhere else), hover over it to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, search for the relevant key terms in a web browser instead. This way you can find the article, video or webpage without clicking on the suspicious link.
  • If you’re not sure, talk through the suspicious message with a friend or family member, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website, not from the message itself).
  • Use a spam filter to block deceptive messages from reaching you in the first place.
  • Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) will not send you an unsolicited link asking you to enter your personal or financial details.

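The ‘hover over the link’ check above can also be done by a script over the HTML of a message before anyone clicks. The following is an added example, not code from the original page: it collects every link, compares the text the reader sees with the real destination, and flags a raw IP address, punycode hostname or non-web scheme. The sample message is constructed and the domain names in it are invented.

```python
"""Inspect the links in an HTML message the way a cautious reader hovers over
them: compare the visible text with the real destination and flag oddities."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _hostname(url):
    """Lower-case hostname of a URL; a bare domain such as 'example.com' also works."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _looks_like_url(text):
    """True when the visible link text is itself presented as a web address."""
    return "." in text and " " not in text and "@" not in text


def suspicious_links(html):
    """Return [(href, visible_text, [reasons])] for anchors worth a second look."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        host = _hostname(href)
        scheme = href.split(":", 1)[0].lower() if ":" in href else ""
        if scheme in ("javascript", "data"):
            reasons.append("link is a %s: URL, not a web address" % scheme)
        if _looks_like_url(text) and _hostname(text) != host:
            reasons.append("text shows %s but the link goes to %s" % (_hostname(text), host))
        try:
            ipaddress.ip_address(host)
            reasons.append("link goes to a raw IP address rather than a domain name")
        except ValueError:
            pass
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("hostname contains punycode (internationalised) labels")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample message (not a real phishing email): one honest link, one
# whose visible text and real destination disagree, and one pointing at a bare IP.
SAMPLE_EMAIL = """
<p>Our password policy has changed. Please update your password today.</p>
<a href="https://www.examplebank.com/help">Help centre</a>
<a href="http://examplebank-login.co/verify">https://www.examplebank.com/login</a>
<a href="http://203.0.113.5/reset">Reset password</a>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print("%s  (shown as: %s)" % (href, text))
        for reason in reasons:
            print("   -", reason)
```

The mismatch check only fires when the visible text is itself a web address; a link labelled ‘Reset password’ can point anywhere, which is exactly why the hover check matters for those too.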

What to do if you think you have revealed confidential information

If you think you’ve entered your credit card or account details into a phishing site, contact your financial institution immediately. If you entered a password, change it on the real site straight away, along with any other account where you used the same password.

Protect yourself from ransomware

Ransomware infects computers in the same ways as other malware: for example, attached to or linked from a malicious email, hosted on malicious websites, or disguised as useful applications on peer-to-peer networks.

The same advice to protect yourself against malware applies to ransomware, but the best way to reduce the impact of a ransomware incident is to create regular backups of your important files.

Take the following steps to significantly reduce your risk of being affected by ransomware and other malware:

  • Use antivirus software and automatically download signature updates daily.
  • Keep all your other software up-to-date too.
  • Use strong passwords (passphrases).
  • Make regular backups of valuable files and maintain offline copies that are not connected to your network.
  • Don’t click on links in emails or messages or open attachments from people or organisations you don’t know. Be especially cautious if the message is very enticing or appealing.
  • Disable Microsoft Office macros. Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office.
  • Use safe behaviour online.
  • Stay informed on the latest threats.
  • Read about how to protect your business from ransomware.

What are online scams?

Online scams are sophisticated messages, often using professional looking brands and logos to look like they come from a business you know. At first sight this can make it difficult for you to know what is real and what is fake.

A scam message can be sent by email, SMS, dating sites, social networking sites, instant messaging or even video calls such as Skype or FaceTime.

What to look out for

Scammers use different tactics to try to win your trust. They can find out a lot about you from your social media profiles before approaching you as a friend or potential romantic partner. 

In winning you over, a scammer will work hard to get you to reveal more personal details about yourself – where you live, work, your family members, past relationships or financial circumstances. Once they have this information, they can use it to steal your identity or blackmail you into giving them money.

Some scams involve asking you for money upfront, to help with an ‘emergency’ or to pay for equipment or services. Scammers may even impersonate a friend or business you communicate with online, to try and convince you of their story.

Common online scams

To help keep you safe, the following sections describe common scam types, what to look out for and what you can do to protect yourself:

Dating and romance scams

Scammers often approach their victims on legitimate dating websites before attempting to move the ‘relationship’ away from the safeguards that these sites put in place, for example, by communicating through other methods such as email, where they can more easily manipulate victims.

Dating and romance scams are common and can be traumatic for the victim.

Scammers attempt to quickly develop an online relationship with you and then ask for money, gifts or valuable personal information. These scams often take place on online dating sites, however scammers can also use social media platforms or email to make contact.

Scammers usually create fake profiles online or take the identities of real people, such as military personnel or professionals working overseas.

Fake charities

Scammers impersonate charities all year round, often soliciting donations for fake appeals tied to real disasters or emergencies.

While traditionally you may have been approached at your front door, scammers now also set up fake websites which look similar to those operated by real charities, or even contact you over email.

Investment scams

If you’re looking to invest money, make sure you’re aware of the warning signs of investment scams online so you don’t lose your hard-earned money.

Investment scammers may offer high and quick returns or sometimes tax-free benefits, or pressure you to make a quick decision so you don’t miss out on the deal.

Shopping scams

Scammers pretend to be real businesses online by setting up fake websites that look like genuine online stores or by creating advertisements on legitimate sites to trick you into clicking on them.

Advertisements for these fake businesses can sometimes appear in your social media feed. Online scams can be difficult to spot, so you need to take steps to check whenever you shop online.

  • Start with doing your research to know who you’re buying from.
  • Be on the lookout for fake shopping sites.
  • Use secure payment methods when you’re ready to purchase.
  • Watch out for fake parcel delivery scams when you’re waiting for your items.

Online shopping scams copy the designs and logos from legitimate businesses to appear real. These scammers keep your money after you make a purchase (which you never receive) and they can make further fraudulent charges on your credit card if you’ve given them your financial details.

What to look out for

  • Strange methods of payment. This is often the biggest tip-off. Scammers may request payment by money transfer service (e.g. Western Union, MoneyGram), money order, pre-loaded money card or wire transfer. They might also ask for payment by gift card or in cryptocurrency such as Bitcoin. These methods are effectively irreversible, so you’re unlikely to get your money back, and you probably won’t receive your items.
  • Too good to be true. These scams often advertise benefits or items at unbelievably low prices.
  • Strange web address. The link in the advertisement appears genuine, but when you click on it you are taken to a different address, away from the seller’s real website.
  • No customer reviews. Be wary of social media shopping pages that are very new, selling products at very low prices and don’t have any customer reviews. Sometimes the conversation on social media about the company is one-way and comments are made by the page owner only and not by customers. After making a number of sales, social media scam stores disappear.
  • No contact details or store policies. Be wary of companies whose websites provide no contact details or information about their privacy and returns policies, or their terms and conditions of use.

Unexpected money scams

There are different types of unexpected money scams, but they all promise the lure of some greater reward.

Unexpected money scams:

  • usually promise you a significant share of a large sum of money, or other reward, in return for a small up-front payment
  • request your personal financial details, and
  • are also known as ‘advance fee fraud’ scams.

What to look out for

The reward being dangled could be:

  • an unexpected lottery win
  • an inheritance
  • payment to assist with transferring money out of a country (‘Nigerian’ scams) 
  • a share in profits from a business investment.

Other signs to look out for:

  • You receive an unexpected message by email, text message or other online method that promises an extraordinary reward or opportunity (for example, you’ve won a lottery that you don’t remember entering or you’re offered an unbelievably good business opportunity).
  • You’re told that you need to pay an up-front fee or provide personal details to receive a much greater reward.
  • The email looks convincing and may use official looking letterhead and logos but it isn’t addressed to you personally. The offer pressures you to make a decision quickly, and it may also contain spelling and grammatical errors.
  • You’re asked to provide your bank account details, copies of identity documents as verification and to pay a series of fees, charges or taxes to help release or transfer the money out of the country, through your bank.

Tips to protect yourself

There are a number of different things you can do to protect yourself:

  • Understand that scams exist and use caution online. Be wary of messages that arrive out of the blue, whether on email, social media or other means. Remember there are no legitimate get-rich-quick schemes.
  • Do an internet search using the names, contact details or exact wording of the message to see if it has been used as a scam on other people. Many scams can be identified this way.
  • Follow our tips for safe behaviour when using the web.
  • Don’t open messages or click on links if you don’t know the sender or if you’re not expecting the message. Watch out for messages that promise you money or present hard luck or exotic stories offering you a share in millions of dollars.
  • Use a spam filter to catch fake messages before they get to your inbox and delete spam that gets through without opening it.
  • Don’t accept friend or contact requests on social media from people you don’t know. Scammers may use your information on social media, to make their messages more appealing or appear more genuine.

Top tips

If you think you have encountered a scam:

  • Talk about your concerns with a friend, family member or colleague. This can help you do a quick sanity check and reframe your thinking, because some scams work by playing on your emotions.
  • Check the scam’s legitimacy directly with the organisation it claims to be from, by using contact details sourced separately from the business’ official website (and not using any contact details from the message itself).

Signs that often indicate it’s a scam:

  • It asks you to click on a link to ‘confirm’ your details.
  • It’s not addressed to you personally.
  • There’s a sense of urgency about the message.

In searching for a business’s official website or other pages, have a look online for any reviews from other people that may confirm it’s a scam.

You can also create a ‘not sure’ folder in your mailbox, where you drag suspicious messages to go through at a later time, perhaps with the help of someone you trust.

Remember some scams attempt to hijack your logical thinking by telling you to act urgently. Reframe your thinking by reviewing these messages the day or week after you receive them.

What is web shell malware?

A web shell is a script (commonly written in PHP, ASP.NET or JSP) that an attacker uploads to a compromised web server so that they can run commands and access the system remotely through ordinary web requests. Web shells are not inherently malicious and have legitimate administrative uses, but their use by cyber adversaries is becoming more frequent as organisations around the world expose more services to the internet.

Delivery of web shells

Web shells are installed by exploiting vulnerabilities in web applications or weak server configuration, including:

  • SQL injection;
  • vulnerabilities in applications and services (for example web server software such as NGINX, or content management systems such as WordPress and their plugins);
  • file processing and upload vulnerabilities, which can be mitigated by, for example, limiting the file types that can be uploaded and storing uploads outside the web root;
  • remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities;
  • remote code execution vulnerabilities;
  • exposed administration interfaces.

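The file upload weakness in the list above is the one most often used to plant a shell. As an added example (not code from the page or from any product it names), here is a vulnerable upload handler beside a hardened version of the same function; the allow-list of image types, the magic bytes checked and the 5 MB cap are assumptions for an image-upload feature, and the script body used as input is a placeholder rather than a working shell.

```python
"""An upload handler that lets an attacker drop a web shell into the web root,
beside a hardened version of the same function."""
import os
import secrets
import tempfile

# Assumed allow-list for an image-upload feature: extension -> leading magic bytes
# that a genuine file of that type starts with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


def save_upload_insecure(web_root, filename, data):
    """Vulnerable: trusts the client-supplied name, keeps whatever extension it has
    and writes straight into the document root, so 'shell.php' becomes live code
    the attacker can then request. A '../' in the name also escapes web_root."""
    path = os.path.join(web_root, filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


def save_upload_hardened(store_dir, filename, data, max_bytes=5 * 1024 * 1024):
    """Hardened: cap the size, allow-list the extension, check the content matches
    the declared type, discard the client's name and store the file outside the
    document root so it is served as data and never executed."""
    if len(data) > max_bytes:
        raise ValueError("file too large")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_TYPES:
        raise ValueError("file type not allowed: %r" % ext)
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    # Server-chosen random name: no traversal, no double extensions and nothing
    # for the attacker to request by a name they control.
    name = secrets.token_hex(16) + "." + ext
    path = os.path.join(store_dir, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


# Constructed inputs: a placeholder script body standing in for a web shell, and
# a minimal byte string that passes as a PNG header.
SHELL_BODY = b"<?php /* web shell body would go here */ ?>"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def demo():
    """Run both handlers against the constructed inputs and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as web_root, tempfile.TemporaryDirectory() as store:
        written = save_upload_insecure(web_root, "shell.php", SHELL_BODY)
        results["insecure_wrote_php_into_web_root"] = (
            os.path.isfile(written) and written.endswith(".php")
        )
        for name, data in [("shell.php", SHELL_BODY),
                           ("shell.php.png", SHELL_BODY),
                           ("avatar.png", PNG_SAMPLE)]:
            try:
                stored = save_upload_hardened(store, name, data)
                results[name] = "stored as " + os.path.basename(stored)
            except ValueError as exc:
                results[name] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The magic-byte check is a sanity check rather than a guarantee (a file can carry a valid image header and script code after it), which is why the hardened version also keeps uploads out of the document root and serves them with a fixed content type rather than letting the web server decide how to handle them.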

Prevention and mitigation

A web shell is usually installed by exploiting a vulnerability in the web server or the applications it hosts, so removing those vulnerabilities is the most important step: deleting the shell without fixing the underlying weakness leaves the door open for it to be reinstalled.

The following security measures help prevent the installation of a web shell:

  • Regularly update the applications and the host server’s operating system to remove known vulnerabilities.
  • Deploy a demilitarised zone (DMZ) between the web-facing servers and the internal network.
  • Configure the web server securely.
  • Close or block ports and services that are not used.
  • Validate user input to limit local and remote file inclusion vulnerabilities.
  • Use a reverse proxy to restrict access to administrative URLs to known legitimate sources.
  • Run frequent vulnerability scans and regular scans with web security software to detect areas of risk (this does not prevent zero-day attacks).
  • Deploy a firewall.
  • Disable directory browsing.
  • Do not use default passwords.

Detection

Web shells are easily modified and obfuscated, so they are hard to detect and antivirus software often misses them. Detection therefore relies on looking for the side effects of a shell rather than for a known signature.

The following are common indicators that a web shell is present on a web server:

  • Abnormally high web server usage (due to heavy downloading and uploading by the attacker).
  • Files with an abnormal timestamp (for example newer than the last legitimate deployment, or with a timestamp altered to match neighbouring files).
  • Unknown files on the web server.
  • Files containing dubious references, for example cmd.exe or eval.
  • Unknown connections in the web server logs, for example a file receiving traffic it should not, such as a PNG image being requested with POST parameters.
  • Dubious logins from DMZ servers to internal subnets, and vice versa.

Web shells may also contain a login form, which is often disguised as an error page.

Using web shells, adversaries can modify the .htaccess file (on servers running the Apache HTTP Server software) to redirect search engine requests to pages carrying malware or spam. Often the web shell checks the user-agent, so the content shown to a search engine crawler differs from what a user’s browser receives. To find this kind of cloaking you usually need to request the page with a crawler’s user-agent string (for example Googlebot) and compare it with what a normal browser gets. Once identified, the web shell itself is easy to delete, but the vulnerability that allowed it to be installed must be fixed as well.

Analysing the web server’s logs can pinpoint the exact location of the web shell. Legitimate visitors arrive with a wide variety of user-agent strings and referrers, whereas a web shell is usually visited only by the attacker, so its path shows very few user-agent variants and typically no referrer at all.
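The two log-based indicators above (a supposedly static file being POSTed to, and a path visited by a single user-agent with no referrer) and the file-content indicator (strings such as eval or cmd.exe) can be checked with a short script. The following is an added example written for this page, not code from the original; the log lines and the file body it scans are constructed, using Apache’s combined log format, and the list of suspicious strings and the threshold of three hits are assumptions for triage rather than proof of compromise.

```python
"""Triage for web-shell indicators: request patterns in Apache combined-format
access logs and suspicious strings in files under the web root."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Extensions a browser only ever GETs: a POST to one of these is a strong signal
# that the 'image' is really a script.
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".ico", ".css", ".js", ".txt")

# Strings worth a look in files under the web root (triage, not proof).
SUSPICIOUS_STRINGS = (b"eval(", b"cmd.exe", b"base64_decode(", b"system(",
                      b"shell_exec(", b"passthru(")


def parse_log(lines):
    """Yield one dict per well-formed combined-format line; skip anything else."""
    for line in lines:
        match = LOG_RE.match(line.strip())
        if match:
            yield match.groupdict()


def find_indicators(lines, min_hits=3):
    """Return {path: [reasons]} for request paths showing web-shell traffic patterns:
    POSTs to static files, and paths hit repeatedly by one user-agent with no referrer."""
    findings = defaultdict(list)
    by_path = defaultdict(list)
    for req in parse_log(lines):
        path = req["path"].split("?", 1)[0]
        by_path[path].append(req)
        if req["method"] == "POST" and path.lower().endswith(STATIC_EXT):
            reason = "POST to a static file (%s)" % req["ip"]
            if reason not in findings[path]:
                findings[path].append(reason)
    for path, reqs in by_path.items():
        if len(reqs) < min_hits:
            continue
        agents = {r["ua"] for r in reqs}
        referers = {r["referer"] for r in reqs}
        if len(agents) == 1 and referers <= {"-", ""}:
            findings[path].append("%d requests, one user-agent (%s), no referrer"
                                  % (len(reqs), agents.pop()))
    return dict(findings)


def scan_content(data):
    """Return the suspicious strings present in a file's bytes, in list order."""
    return [s.decode() for s in SUSPICIOUS_STRINGS if s in data]


# Constructed log excerpt: ordinary browser traffic, then one client repeatedly
# POSTing to an 'image' in the uploads directory with no referrer.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:09:14:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/123.0"
203.0.113.11 - - [12/Mar/2024:09:14:05 +0000] "GET / HTTP/1.1" 200 5120 "https://www.example.org/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) Safari/605.1.15"
203.0.113.12 - - [12/Mar/2024:09:14:09 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "https://www.example.org/" "Mozilla/5.0 (X11; Linux x86_64) Chrome/122.0"
203.0.113.11 - - [12/Mar/2024:09:15:30 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "https://www.example.org/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) Safari/605.1.15"
198.51.100.7 - - [12/Mar/2024:23:41:10 +0000] "POST /uploads/avatar_2231.png HTTP/1.1" 200 873 "-" "python-requests/2.31.0"
198.51.100.7 - - [12/Mar/2024:23:41:12 +0000] "POST /uploads/avatar_2231.png HTTP/1.1" 200 1290 "-" "python-requests/2.31.0"
198.51.100.7 - - [12/Mar/2024:23:42:01 +0000] "POST /uploads/avatar_2231.png HTTP/1.1" 200 16422 "-" "python-requests/2.31.0"
198.51.100.7 - - [12/Mar/2024:23:43:57 +0000] "GET /uploads/avatar_2231.png HTTP/1.1" 200 64 "-" "python-requests/2.31.0"
"""

# Constructed file body: a PNG header followed by a script fragment, the shape of
# an 'image' that is really a shell (the argument is elided on purpose).
SAMPLE_FILE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8 + b"<?php @eval(base64_decode(...)); ?>"

if __name__ == "__main__":
    for path, reasons in find_indicators(SAMPLE_LOG.splitlines()).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    print("suspicious strings in sample file:", scan_content(SAMPLE_FILE))
```

Run it against a real access log by passing the file’s lines to find_indicators; the paths it returns are the ones to pull from the web root and pass through scan_content, and a hit on both checks for the same file is a strong reason to treat the host as compromised.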